Detections
Analytics

Linux Distros Unpatched Vulnerability : CVE-2026-46151

critical Nessus Plugin ID 317547

Language:

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblp_ctrl_msg() collapses the usb_control_msg() return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GET_DEVICE_ID control transfer short and the driver has no way to know.
 usblp_cache_device_id_string() reads the 2-byte big-endian length prefix from the response and trusts it (clamped only to the buffer bounds). The buffer is kmalloc(1024) at probe time. A device that sends exactly two bytes (e.g. 0x03 0xFF, claiming a 1023-byte ID) leaves device_id_string[2..1022] holding stale kmalloc heap. That stale data is then exposed: - via the ieee1284_id sysfs attribute (sprintf(%s, buf+2), truncated at the first NUL in the stale heap), and - via the IOCNR_GET_DEVICE_ID ioctl, which copy_to_user()s the full claimed length regardless of NULs, up to 1021 bytes of uninitialized heap, with the leak size chosen by the device. Fix this up by just zapping the buffer with zeros before each request sent to the device. (CVE-2026-46151)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

See Also

https://security-tracker.debian.org/tracker/CVE-2026-46151

Plugin Details

Severity: Critical

ID: 317547

File Name: unpatched_CVE_2026_46151.nasl

Version: 1.1

Type: Local

Agent: unix

Family: Misc.

Published: 5/29/2026

Updated: 5/29/2026

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2026-46151

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux, cpe:/o:debian:debian_linux:11.0, cpe:/o:debian:debian_linux:12.0

Required KB Items: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched, Host/OS/identifier

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/28/2026

Reference Information

CVE: CVE-2026-46151